Detailed explanation of the risk of cloud computing outsourcing

Without a free lunch, outsourcing cloud computing cannot address the critical issue of legal risk (which accompanies third parties ' knowledge of data storage and transmission locations). The following points must be taken into account when an enterprise decides to adopt an outsourced cloud computing solution.


　　


first of all, of course, we need to define what we're talking about, because there are many definitions for "cloud computing." Recently, a well-known CIO defined it as: The virtual server is controlled by an organization, and the computing technology that the end user can access through the network. We define "cloud computing" as the service delivery of commercial software, the application of software and the data stored on virtual servers over the network. Outsourcing cloud Computing provides a commercial enterprise technology: The infrastructure is the service, the software is the service, and the platform is the service, all these service offerings are online and under the Web2.0 framework. When a third party controls any part of the cloud, relevant data security, privacy, and regulatory issues arise. In a way, the problem arises when the data line is replaced by a communication scheme that bundles data from n companies. Third parties try to fully improve the efficiency of virtualization technology, and the traditional enterprise own functions (infrastructure, system platform and software) commercialization, at the same time, legal risks have emerged.


　　

The benefit of
Third-party Solutions is that business software is well established. From Third-party software solution vendors that leverage multi-user requirements to outsourced infrastructure vendors, which invest in technology solutions that are faster and newer than a single user, third parties can achieve economies of scale while reducing the cost of delivering functionality. However, there must be a risk of profitability, and the following are the risk issues that need to be focused on.


　　


1, data storage and transfer


　　


traditional outsourcing protocols, users can negotiate with suppliers about the location of data storage (including where the backup process is conducted). In this way, both users and vendors can understand what kind of management method should be provided for the transmission regulations of relevant data. However, the cost effectiveness of outsourcing cloud computing is high because vendors can move data anywhere in the world and send data from one enterprise to different locations, depending on capacity, application, and bandwidth. Increased degrees of freedom will result in processing processes that do not comply with many of the world's data-storage and transfer-related regulations.


　　


Historically, the risk commonly discussed between users and vendors in outsourcing planning is that the user asks the supplier to adopt a specific process to implement the data transfer process compliance. Without these requirements, vendors are not liable for the storage and transfer of user data. Over time, suppliers are aware that they should respond to the needs of their users, and that they must integrate these requirements into the solution to ensure a sustained growth in economies of scale. Ultimately, we believe that outsourced cloud computing providers will be able to build data-transfer-compliant components into their commercial technical services, and that the cost will be balanced by the expansion of the user's size, and that the outsourced supplier will include this cost in setting the service price.


　　


For example, early cloud vendors allow customers to control the location of data storage for certain technologies through "available zones." Because each country's data transfer regulations are different, cloud providers can store data in a predetermined area (for example, the European Economic Area); With this approach, data can be continuously transferred from the vendor's European servers without a problem with the rules because the data is stored in specific licensed areas.


　　


2, data security


　　


data security and data protection is often a major concern in outsourcing plans. The outsourcing agreement plan precisely sets the safety management technology that the supplier must adopt. The implementation of these security management plans is driven by the protection rules of sensitive data (personal data or financial data). How do you control it with an outsourced cloud computing solution? The CEO of Cisco says that cloud computing is like a nightmare of data security and cannot be controlled in the traditional way. For most companies, data security and data protection are the biggest obstacles to outsourcing cloud computing to applications that contain sensitive or confidential data.


　　


has ASP, Telecom transmission, Servicebureau protocol, Cloud computing protocol will gradually become one-way, and negotiation is more difficult. For example, an online cloud vendor contract is not negotiable, and a rather biased supplier: the supplier is not responsible for data security, the user is responsible for the security, protection and backup of the data, and the supplier is not responsible for any unauthorized access, use, destruction, deletion and loss of any data.


　　


Therefore, outsourcing contracts with cloud suppliers need to be more careful and contain less terms and conditions. Users should be concerned about whether the outsourced cloud computing solution guarantees data compliance, and ultimately, users will rely on vendor-supplied solution texts and believe that compliance is ensured (whether directly-for example, banking or medical software, or indirectly, such as interpreting specific data storage locations). As a result, the failure of the supplier to implement the user data processing process is deemed to fail to comply with the service description and be subject to compensation under the contract.


　　


As with any outsourcing program, it is a critical step to review the vendor's solution to determine control over data access. Does this vendor solution implement restrictions on enterprise data access and implement monitoring of visitors (so you know who has accessed which data)? What specifications need to be encrypted? How often is the data archived? Are all of the application software and software in the latest security upgrades? Whether the security level agreement includes this clause: the maintenance of the security system is a performance parameter.


　　


3, replacement supplier


　　

Another risk that
must take into account in outsourcing cloud computing services is to ensure business continuity (business continuity) before outsourcing services are terminated. Most outsourcing agreements agree on exit planning and transfer services, including the transfer of data in a format that can be leveraged by another vendor or enterprise internal solution. Specific cloud service agreements do not contain the terms of dealing with these issues. For example, the online cloud vendor agreement allows vendors to abort an agreement at any time without the responsibility of maintaining the data. At best, the agreement does not intentionally erase data within 30 days. You must negotiate with the supplier on termination of service, including the transfer of data to another vendor or enterprise, and you should ensure that the data is periodically transferred to the backup vendor to ensure business continuity in the event of a disaster.


　　


4, other risk


　　


Many of the risks of outsourcing cloud computing solutions are the same as other outsourced solutions, but these risks are difficult to pass on through agreements. Outsourcing, for example, means transferring service-level measurement and reporting tasks to suppliers and relying on suppliers ' infrastructure to send critical performance information. In a cloud solution, the customization space is smaller. Similarly, most suppliers are less likely to compensate the user if a problem or partnership is released, unless a precise contract is negotiated. In contrast to traditional outsourcing agreements, cloud cooperation agreements offer little room for negotiation. But the price of cloud outsourcing is tempting.